ART-UNIT: 279

PRIMARY-EXAMINER: Vu; Huy D. 
ABSTRACT:

A secure communication mechanism for communicating credit card or other sensitive
information between a user terminal and a server which communicate over a data
network (e.g., Internet). For secure or private communication of sensitive
information over a data network, a telephone connection is established between the 
originating server to which the user is connected for access to the data network 
and the SP to which the sensitive information is directed. The method and system 
provide for a secure electronic commercial transaction between a user and a 
service provider which charges for information and/or services and/or goods, 
wherein sensitive information includes credit card information transmitted from 
the user to the service provider, and/or electronic information or services 
transmitted from the service provider to the user in exchange for payment received 
from the user. 

36 Claims, 4 Drawing figures 

BSPR:

Some providers of "non-electronically" delivered goods or services (e.g., goods
delivered off-line; e.g., food, clothing, etc.) provide an option for avoiding
sending sensitive information over the Internet by posting 800 telephone numbers
that a user later calls off-line to pay for the goods or services which were
ordered (but not paid for) over the Internet. This approach, however, is not only
cumbersome, thus negating the appeal and purpose of virtual shopping and on-line
purchasing of goods and services, but is also not suited as a payment method for
goods and services (including information) which are delivered over the Internet
(referred to hereinafter as "electronic goods"), and which are preferably
delivered interactively in one session as part of a single transaction.

BSPR: 

It may be understood that the lack of a secure transaction mechanism limits the 
further development of the Internet, the availability of service providers to 
users, and particularly the viability of smaller SPs. It is known that in 
addition to providing gateway access to the Internet and the thousands of small 
service providers around the world, large information service providers such as 
Prodigy, America Online and Compuserve provide their own information and 
interactive services. Users may also access the Internet and the thousands of 
smaller information service providers (ISPs) directly through smaller user-local 
Internet access providers. Generally, the large information service providers 
bill their customers on a time-usage basis after a financial payment relationship 
has been established, with the user/customer receiving a monthly bill which may 
include additional charges for usage of certain information and services and 
which is paid via the conventional postage system. Similarly, the smaller 
user-local Internet access providers usually also base their service charges to 
their subscribers for access to the Internet on a time-usage basis. 

DEPR: 

In FIG. 1, a single ISP 101 is shown connected to the Internet network 102. It 
should be appreciated, however, that a multitude of ISPs are connected to the 
Internet and are available for access to the multitude of users around the world 
having access to the Internet. It may also be appreciated that Internet network 
102 schematically represents an interconnection of network nodes which include 
router and/or gateway servers, which may themselves include or be part of 
websites and/or ISPs. Similarly, ISP 101 may itself include Internet router 
and/or gateway servers. Connection between the ISP 101 and the Internet 102 is 
over T1 digital transmission facilities 103, or other high speed transmission
lines. A user desiring access to the information and/or interactive services 
available over the Internet from ISP 101 may be an individual who accesses the 
Internet through his terminal 104. Terminal 104 can be connected to the Internet 
102 over a POTS telephone connection 105 to the user's local exchange carrier 
(LEC) network 106 through a modem (not shown). From the LEC 106, connection is
made to a user-local Internet access provider 107, which provides access to the 
Internet over T1 digital transmission facilities 108. Internet access provider
107 can dial a telephone number for establishing a call via LEC 106. Similarly, 
ISP 101 can dial a telephone number for establishing a call via LEC 117. 

DEPR: 

More generally, preferably the server that will first send credit card or other 
sensitive or valuable information should not provide the phone number to the 
other server which would place a call to that phone number, in order to avoid
such disguised interception by an eavesdropper who need not provide any payment 
or other sensitive or valuable information to the called server before receiving 
payment or other sensitive or valuable information from the called server (even 
if a protocol required the calling party to provide some confirmation or 
identification information to the called party, the eavesdropper likely will have 
intercepted or accessed this confirmation or identification information).

DEPR: 

In addition, although the present invention has been described hereinabove 
primarily in connection with the payment for information and/or interactive 
services of the type generally available to a user on the Internet or other data 
network, the present invention could readily be applied to the provision to the 
user of any type of information and/or services to a user on a first connection 
over a network of any type, with billing being effected for that information 
and/or services on a second connection through the telephone network. Thus, the 
present invention could also be used for teleconferencing services, video
services, TV services provided by cable and/or broadcast mediums, and interactive 
services such as games, bulletin boards and chat mediums. It is to be understood 
that the term "information and/or interactive services" is to include all of 
these types of information and services, and all other types not specifically 
mentioned. The network over which the information and/or interactive services can 
be provided can be a wired or wireless data network, or a wired or wireless 
analog network. The signals transmitted on the wired network can be electrical or 
optical in nature. Also, while the hereinabove embodiment has been described with 
reference to a telephone call being placed over an IXC network, the telephone 
call may be established within an LEC without special handling by IXC, where the 
ISP and Internet access provider are connected to the same LEC. 

CLPR: 

28. A method for communicating sensitive information from a first internet 
service provider (ISP) server to a second ISP server, where the first ISP server 
and the second ISP server are connected to each other by means of a primary 
connection over a packet network, said method comprising the steps of: 

CLPV: 

While maintaining said primary connection, establishing a connection between said 
first ISP server and said second ISP server that is more secure than said primary 
connection; and 